dch_proxy_internal_networks:
- 172.30.0.0/16
- 172.31.1.0/24
# - 'fd68:c2d2:500e:3e00::/56'

dch_proxy_allowlist:
- 172.30.0.211/32

dch_proxy_blocklist:
- 172.30.0.208/28
- 172.30.0.224/29
- 172.30.0.232/29
- 172.30.0.240/28

dch_proxy_sites:
- backend: gitea
  match: git.pyrocufflink
  matcher: dom
- backend: bitwarden
  match: bitwarden.pyrocufflink
  matcher: dom
- backend: nextcloud
  match: nextcloud.pyrocufflink.net
- backend: kubernetes
  match: billing.hatchlearningcenter.org
- backend: web
  match: chmod777.sh
  matcher: end
- backend: web
  match: dustinandtabitha.com
  matcher: end
- backend: web
  match: dustin.hatch.name
- backend: web
  match: dustin.hatch.is
- backend: web
  match: ebonfire.com
  matcher: end
- backend: web
  match: hatchlearningcenter hlckc hlcks
  matcher: dom
- backend: web
  match: nratonpass.com
  matcher: end
- backend: web
  match: pyrocufflink.net
- backend: web
  match: tabitha.biz
  matcher: end
- backend: kubernetes
  match: ntfy.pyrocufflink.net
- backend: kubernetes
  match: darkchestofwonders.us

dch_proxy_backends:
  bitwarden:
    servers:
    - name: bitwarden
      host: 'bitwarden.pyrocufflink.blue:80'
      options: check
  bitwarden-tls:
    mode: tcp
    servers:
    - name: bitwarden
      host: 'bitwarden.pyrocufflink.blue:443'
      options: check

  gitea:
    servers:
    - name: gitea
      host: 'git0.pyrocufflink.blue:80'
      options: check
  gitea-tls:
    mode: tcp
    servers:
    - name: gitea
      host: 'git0.pyrocufflink.blue:443'
      options: check

  kubernetes:
    servers:
    - name: k8s
      host: 'k8s-ingress.pyrocufflink.blue:80'
      options: check
  kubernetes-tls:
    mode: tcp
    servers:
    - name: k8s
      host: 'k8s-ingress.pyrocufflink.blue:443'
      options: check

  nextcloud:
    servers:
    - name: nextcloud
      host: 'cloud0.pyrocufflink.blue:80'
      options: check
  nextcloud-tls:
    mode: tcp
    servers:
    - name: nextcloud
      # NOTE: NOT the default HTTPS port, but a different virtual host that
      # accepts the PROXY protocol
      host: 'cloud0.pyrocufflink.blue:8443'
      options: check send-proxy-v2

  web:
    servers:
    - name: web0
      host: 'web0.pyrocufflink.blue:80'
      options: check
  web-tls:
    mode: tcp
    servers:
    - name: web0
      host: 'web0.pyrocufflink.blue:443'
      options: check